package cc.liyinghao.springsecuritydemo.security.component;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;

@Component
public class CustomSecurityExpression {

    /**
     * 自定义 hasRole 方法
     */
    public boolean hasRole(Authentication authentication, String role) {
        if (authentication == null || !authentication.isAuthenticated()) {
            return false; // 用户未认证
        }

        // 自定义权限校验逻辑，比如从数据库动态查询
        for (GrantedAuthority authority : authentication.getAuthorities()) {
            if (authority.getAuthority().equals("ROLE_" + role)) {
                return true; // 角色匹配
            }
        }
        return false;
    }
}

